Scribd Logo
Upload

Welcome to Scribd!

  • Script chuyển traffic FW NHT - update

    Uploaded by

    Phạm Hiếu Trung
    1 views4 pages

    Original Title

    Script chuyển traffic FW NHT_update

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views4 pages

    Script chuyển traffic FW NHT - update

    Uploaded by

    Phạm Hiếu Trung

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    1/ Mở Policy để PE_ps quảng bá ip user private của EPG , vEPG cho cả 2 F

    route-policy EXPORT_TO_FWGI_01_ipv4
    if destination in IPv4_vEPG_NHT_1E or destination in IPv4_EPG_NHT_1E then
    pass
    else
    drop
    endif
    end-policy
    !
    route-policy EXPORT_TO_FWGI_01_ipv6
    if destination in IPv6_vEPG_NHT_1E or destination in IPv6_EPG_NHT_1E then
    pass
    else
    drop
    endif
    end-policy
    !

    2/ Gộp VRF nhằm


    - vrf Gi-APN-1 thấy df route của INTERNET 2 ( trước đó đã học D
    - vrf Gi-APN-2 thấy df rout của INTERNET 1 ( trước đó đã học DF INTERNET 2 ) import R
    vrf INTERNET-2
    address-family ipv4 unicast
    import route-target
    131429:11012
    address-family ipv6 unicast
    import route-target
    131429:11012

    3/ Chỉnh thông số LP để điểu khuyển traffic chạy về FW1 / FW2 ( h


    -Chuyển traffic chạy về FW2 ( lp100 ) off FW1 ( lp95)
    route-policy IMPORT_FROM_FWGI_01_ipv4
    set local-preference 95
    end-policy
    !
    route-policy IMPORT_FROM_FWGI_01_ipv6
    set local-preference 95
    end-policy
    !
    -Chuyển traffic chạy về FW1 ( lp100 ) off FW2 ( lp95)
    route-policy IMPORT_FROM_FWGI_02_ipv4
    set local-preference 95
    end-policy
    !
    route-policy IMPORT_FROM_FWGI_02_ipv6
    set local-preference 95
    end-policy
    ate của EPG , vEPG cho cả 2 FW1,2 ( vrf INTERNET 1,2 )
    route-policy EXPORT_TO_FWGI_02_ipv4
    if destination in IPv4_EPG_NHT_1E or destination in IPv4_vEPG_NHT_1E then
    pass
    else
    drop
    endif
    end-policy
    !
    route-policy EXPORT_TO_FWGI_02_ipv6
    if destination in IPv6_EPG_NHT_1E or destination in IPv6_vEPG_NHT_1E then
    pass
    else
    drop
    endif
    end-policy

    Gộp VRF nhằm


    TERNET 2 ( trước đó đã học DF INTERNET 1 )
    ọc DF INTERNET 2 ) import RT 131429:11012 ( của VRF INTERNET 1 )
    vrf Gi-APN-2
    address-family ipv4 unicast
    import route-target
    131429:11012
    address-family ipv6 unicast
    import route-target
    131429:11012

    raffic chạy về FW1 / FW2 ( hướng PE_PS - FW )


    về FW2 ( lp100 ) off FW1 ( lp95)
    route-policy IMPORT_FROM_FWGI_02_ipv4
    set local-preference 100
    end-policy
    !
    route-policy IMPORT_FROM_FWGI_02_ipv6
    set local-preference 100
    end-policy

    về FW1 ( lp100 ) off FW2 ( lp95)


    route-policy IMPORT_FROM_FWGI_01_ipv4
    set local-preference 100
    end-policy
    !
    route-policy IMPORT_FROM_FWGI_01_ipv6
    set local-preference 100
    end-policy

    You might also like